<?php

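// Page header for the "Change Password" view.
// The user name is HTML-escaped before it is written into the page: it is a
// stored value, and emitting it raw would let markup in a user name be
// interpreted by the browser. No charset argument is passed, so PHP's
// configured default is used (the page encoding is not visible from here).
$headerUserName = htmlspecialchars($PACTS_cfg->getUserName(), ENT_QUOTES);

echo '<div id="page_header">'."\n";
echo '<ul>'."\n";
echo '<li class="titlename2">Change Password</li>'."\n";
echo '<li class="type2">Change Password for user : '.$headerUserName.'</li>'."\n";
echo '</ul>'."\n";
echo '</div>'."\n";

echo '<div id="details-section">'."\n";

// Account whose password is being changed. Kept unescaped here on purpose:
// it is used for SQL and comparisons further down, not for HTML output.
$frmUserName = $PACTS_cfg->getUserName();
//$frmUserId = @$_GET['frmUserId'];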

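if (isset($_POST['submit']))
{ // the change-password form has been submitted
    /*
     * Validate the submission, then store the new password.
     *
     * Checks, in order: required fields present, the account exists exactly
     * once, the two new-password fields match, and (when the target account is
     * the session user) the current password is correct. Any failed check
     * sets $error_occurred; a later successful check must never clear it,
     * otherwise e.g. a correct current password would let mismatched new
     * passwords through.
     */

    // formRand is the random field-name suffix the form posted back.
    // It is client-supplied and never compared with a server-side value, so it
    // provides no request-forgery protection.
    // NOTE(review): no CSRF token is verified on this state-changing POST.
    $formRand = (isset($_POST['formRand']) && is_string($_POST['formRand'])) ? $_POST['formRand'] : '';

    // Read each field once; a missing or non-string (array) field becomes ''.
    $fieldNew      = 'passwd'.$formRand;
    $fieldAgain    = 'passwd_again'.$formRand;
    $fieldExisting = 'passwd_existing'.$formRand;

    $postedNew      = (isset($_POST[$fieldNew]) && is_string($_POST[$fieldNew])) ? $_POST[$fieldNew] : '';
    $postedAgain    = (isset($_POST[$fieldAgain]) && is_string($_POST[$fieldAgain])) ? $_POST[$fieldAgain] : '';
    $postedExisting = (isset($_POST[$fieldExisting]) && is_string($_POST[$fieldExisting])) ? $_POST[$fieldExisting] : '';

    $error_occurred = FALSE;
    $message = '';

    if (!$postedNew || !$postedAgain) {
        $message = 'You did not fill all required fields.';
        $error_occurred = TRUE;
    }

    // The user name is concatenated into SQL below, so escape it for the
    // connection in use. (The legacy mysql_* link offers no bound parameters.)
    $safeUserName = mysql_real_escape_string($frmUserName, $PACTS_cfg->dblink);

    // check that the username exists exactly once in the database.
    $sql = "SELECT * FROM ".$PACTS_cfg->userstablename." WHERE username = '".$safeUserName."'";
    $result = mysql_query($sql, $PACTS_cfg->dblink);

    if (!$result || mysql_num_rows($result) != 1) {
        $message = 'Sorry, error occured with that user name.';
        $error_occurred = TRUE;
    }

    // check passwords match; strict comparison so that numeric-looking strings
    // such as "1e3" and "1000" are not treated as equal.
    if ($postedNew !== $postedAgain) {
        $message = 'Passwords did not match.';
        $error_occurred = TRUE;
    }

    //////////////////////////////
    // check that existing password is ok
    // NOTE(review): the current password is only verified when the target
    // account equals the session user; in any other case the change proceeds
    // without it. Confirm that every such path is restricted to administrators.
    if (strcasecmp($frmUserName, $_SESSION['username']) == 0) {
        // SECURITY: unsalted MD5 is not a suitable password hash. It is kept
        // because the stored pw format is shared with code outside this file;
        // migrate to password_hash()/password_verify() together with the login code.
        $existing_password = md5(stripslashes($postedExisting));

        $sql = "SELECT * FROM ".$PACTS_cfg->userstablename." WHERE pw = '".$existing_password."' AND username = '".$safeUserName."'";
        $result = mysql_query($sql, $PACTS_cfg->dblink);

        if (!$result || mysql_num_rows($result) != 1) {
            $message = 'Sorry, existing password is incorrect';
            $error_occurred = TRUE;
        }
    }

    /////////////////////////////

    // NOTE(review): strip_tags() silently alters a password containing '<',
    // and differs from the stripslashes() applied to the current password
    // above. Left unchanged because the login code's normalisation is not
    // visible here - confirm before changing either.
    $newpassword = strip_tags($postedNew);

    if (!$error_occurred) {
        // md5() returns 32 hex characters, so the digest needs no SQL escaping.
        $newpassword = md5($newpassword);

        $sql = "UPDATE ".$PACTS_cfg->userstablename." SET
                pw = '".$newpassword."',
                ModificationTMS = now(),
                ModificationUserId  = '".$safeUserName."'
                WHERE username='".$safeUserName."';";

        $result = mysql_query($sql, $PACTS_cfg->dblink);

        if (!$result) {
            $error_occurred = TRUE;
            // Never echo the statement to the browser: it contains the new
            // password hash and the table layout. Record the failure server-side.
            error_log('User_ChangePassword: password UPDATE failed, mysql errno '.mysql_errno($PACTS_cfg->dblink));
            $message = 'Sorry, the password could not be changed.';
        }
        else {
            // The audit entry records the literal "[password]" placeholder, never the value.
            $PACTS_cfg->InsertAuditTrailEntry("-", "[password]" ,"Edit","Users", "pw", $frmUserName, "index.php?view=User_ChangePassword",$frmUserName);
            //function $PACTS_cfg->InsertAuditTrailEntry($OldData, $NewData, $ChangeType, $TableName, $FieldName, $UserId, $PageName,$RecordId)

            $message = "Password Changed!";
        }
    }

    // $message only ever holds one of the fixed strings assigned above.
    echo '<p class="changes">'.$message.'</p>'."\n";
}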
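// Show the form on first display, or again after a failed submission.
// The stray ';' that followed this condition made the block unconditional,
// so the form was shown again even after a successful change.
if (!isset($_POST['submit']) || $error_occurred == TRUE)
{
    // Random suffix appended to the password field names and posted back in
    // the hidden formRand field. It is not stored server-side and rand() is
    // not a cryptographic generator, so it must not be treated as a CSRF token.
    // NOTE(review): this form carries no session-bound anti-forgery token.
    $formRand = rand();

    echo '<form action="index.php?view=User_ChangePassword" method="post">'."\n";
    echo '<div id="viewDetailsC2">'."\n";
    echo '<input type="hidden" name="formRand"  value="'.$formRand.'" />'."\n";

    // Current password
    echo '<ul>'."\n";
    echo '<li class="viewDetailsHeader">'."\n";
    echo 'Current Password*:'."\n";
    echo '</li>'."\n";
    echo '<li class="viewDetailsDataEdit">'."\n";
    echo '<input type="password" name="passwd_existing'.$formRand.'" maxlength="50" value="" />'."\n";
    echo '</li>'."\n";
    echo '</ul>'."\n";

    // New password
    echo '<ul>'."\n";
    echo '<li class="viewDetailsHeader">'."\n";
    echo 'New Password*:'."\n";
    echo '</li>'."\n";
    echo '<li class="viewDetailsDataEdit">'."\n";
    echo '<input type="password" name="passwd'.$formRand.'" maxlength="50" value="" />'."\n";
    echo '</li>'."\n";
    echo '</ul>'."\n";

    // New password, repeated
    echo '<ul>'."\n";
    echo '<li class="viewDetailsHeader" >'."\n";
    echo 'Confirm Password*:'."\n";
    echo '</li>'."\n";
    echo '<li class="viewDetailsDataEdit">'."\n";
    echo '<input type="password" name="passwd_again'.$formRand.'" maxlength="50" value="" />'."\n";
    echo '</li>'."\n";
    echo '</ul>'."\n";

    // Submit button; the handler keys on the presence of the "submit" field.
    echo '<ul>'."\n";
    echo '<li class="viewDetailsHeader" >'."\n";
    echo '&nbsp;'."\n";
    echo '</li>'."\n";
    echo '<li class="viewDetailsDataEdit">'."\n";
    echo '<input type="submit" name="submit" value="Submit" />'."\n";
    echo '</li>'."\n";
    echo '</ul>'."\n";

    echo '<p class="smalltxt">* Mandatory Fields</p>'."\n";

    // Close viewDetailsC2 and the form here, inside the condition, so the
    // closing tags are only emitted when the opening tags were.
    echo '</div>'."\n";
    echo '</form>'."\n";
}
// Closes the details-section container, which is opened unconditionally.
echo '</div>'."\n";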

?>
